tomcat-users mailing list archives

From Douglas Pace <Douglas.P...@NAU.EDU>
Subject SSL and Security Providers
Date Fri, 04 May 2007 16:57:50 GMT
So I'm worried this is just my fault and I haven't researched this 
enough or did something wrong, but I've been fighting a problem with 
Tomcat on Mac OSX. The problem seems to boil down to security providers 
and Tomcat seemingly modifying them.

So I installed Tomcat and deployed a webapp to it. This webapp uses CAS 
authentication which requires the app to call back out to a https web 
server to verify a ticket. It works on Tomcat on Unix and Linux, but on (at 
least this Mac) Mac OSX 10.4 running Java 1.5 the app fails at this point 
with the following error.

java.security.NoSuchAlgorithmException: Cannot find any provider 
supporting RSA/ECB/PKCS1Padding
        at javax.crypto.Cipher.getInstance(DashoA12275)
        at com.sun.net.ssl.internal.ssl.JsseJce.getCipher(JsseJce.java:90)
....

Now, thinking maybe somehow Java on this mac was just broken and had 
nothing to do with Tomcat I wrote a simple app that does something 
identical to what is causing the error in Tomcat, but it works. Curious?

So I've searched the web for this error and found nothing matching this 
specific problem or any related solutions. So in trying to find a 
solution to this problem myself I started looking into Security 
providers and the java.security file.

The java.security file lists the following providers.

security.provider.1=sun.security.provider.Sun
security.provider.2=com.apple.crypto.provider.Apple
security.provider.3=sun.security.rsa.SunRsaSign
security.provider.4=com.sun.net.ssl.internal.ssl.Provider
security.provider.5=com.sun.crypto.provider.SunJCE
security.provider.6=sun.security.jgss.SunProvider
security.provider.7=com.sun.security.sasl.Provider

So the last thing I've done that seems helpful was to list the providers 
each JVM has listed at runtime.

Outside of Tomcat in a simple app I get the following list

class sun.security.provider.Sun
class com.apple.crypto.provider.Apple
class sun.security.rsa.SunRsaSign
class com.sun.net.ssl.internal.ssl.Provider
class com.sun.crypto.provider.SunJCE
class sun.security.jgss.SunProvider
class com.sun.security.sasl.Provider

But within Tomcat using the same code to get the provider list I get the 
following

class sun.security.provider.Sun
class sun.security.provider.Sun
class sun.security.rsa.SunRsaSign
class sun.security.rsa.SunRsaSign
class com.sun.net.ssl.internal.ssl.Provider
class com.sun.net.ssl.internal.ssl.Provider
class sun.security.jgss.SunProvider
class sun.security.jgss.SunProvider
class com.sun.security.sasl.Provider
class com.sun.security.sasl.Provider

So why the differences? I even started to look into the code to see if 
Tomcat rewrote the providers or not, but at least as far as I could 
find, it doesn't seem to. So any ideas?

Thank you,
Douglas Pace
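
A diagnostic for the comparison described in the message above, as an added example that is not part of the original post or of Tomcat. It lists the providers registered in the running JVM, flags security.provider.N entries that were configured but never registered, and retries the RSA/ECB/PKCS1Padding lookup from the stack trace. The class name ProviderDiagnostic and the report() helper are hypothetical, and the comparison assumes java.security lists provider class names, as the file quoted in the message does.

```java
import java.security.GeneralSecurityException;
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.Cipher;

// Hypothetical helper: run main() stand-alone, and call report() from code inside the container.
public class ProviderDiagnostic {
    static final String TRANSFORMATION = "RSA/ECB/PKCS1Padding";

    public static String report() {
        StringBuilder out = new StringBuilder();
        List<String> registered = new ArrayList<String>();

        // Providers actually registered in this JVM, in preference order.
        for (Provider p : Security.getProviders()) {
            String cls = p.getClass().getName();
            if (registered.contains(cls)) out.append("DUPLICATE  ").append(cls).append('\n');
            registered.add(cls);
            // Some providers register the bare algorithm, others the full transformation.
            boolean rsa = p.getService("Cipher", "RSA") != null
                       || p.getService("Cipher", TRANSFORMATION) != null;
            out.append("registered ").append(p.getName()).append(" (").append(cls)
               .append(") loader=").append(p.getClass().getClassLoader()) // null = bootstrap loader
               .append(" rsaCipher=").append(rsa).append('\n');
        }

        // security.provider.N entries from java.security that never made it into the list.
        // Assumption: entries are class names, optionally followed by an argument.
        for (int i = 1; ; i++) {
            String entry = Security.getProperty("security.provider." + i);
            if (entry == null) break;
            String cls = entry.trim().split("\\s+")[0];
            if (!registered.contains(cls))
                out.append("MISSING    security.provider.").append(i).append('=').append(cls).append('\n');
        }

        // The lookup that fails in the stack trace.
        try {
            Cipher c = Cipher.getInstance(TRANSFORMATION);
            out.append("OK         ").append(TRANSFORMATION).append(" from ")
               .append(c.getProvider().getName()).append('\n');
        } catch (GeneralSecurityException e) {
            out.append("FAILED     ").append(e).append('\n');
        }
        return out.toString();
    }

    public static void main(String[] args) {
        System.out.print(report());
    }
}
```

Comparing the stand-alone output with the output produced inside the webapp shows which configured providers are absent in the container and whether any remaining provider offers an RSA cipher.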

